Skip to main content
Press Release

U.S. Attorney Announces Charges Against Two Iranian Nationals For Cyber-Enabled Disinformation And Threat Campaign Designed To Interfere With The 2020 U.S. Presidential Election

For Immediate Release
U.S. Attorney's Office, Southern District of New York
Conspirators Crafted Unique Messaging Themes For Each Side of the U.S. Political Spectrum to Capitalize on the Perceived Fears of the Targeted Audiences

Damian Williams, the United States Attorney for the Southern District of New York, and Bryan Vorndran, the Assistant Director of the Federal Bureau of Investigation’s Cyber Division (“FBI”), and Matthew G. Olsen, Assistant Attorney General for National Security, announced today the unsealing of an indictment charging Iranian citizens and residents Seyyed Mohammad Hosein and MUSA KAZEMI (سید محمد حسین موسی کاظمی), a/k/a “Mohammad Hosein Musa Kazem,” a/k/a “Hosein Zamani,” and SAJJAD KASHIAN (سجاد کاشیان), a/k/a “Kiarash Nabavi,”for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 U.S. Presidential election.  As part of this campaign, the conspirators obtained confidential United States voter information from at least one state election website, sent threatening email messages to intimidate voters, created and disseminated a video containing disinformation pertaining to purported but non-existent voting vulnerabilities, attempted to access, without authorization, several states’ voting-related websites, and successfully gained unauthorized access to a U.S. media company’s computer network that, if not for successful FBI and victim company efforts to mitigate, would have provided the conspirators another vehicle for further disseminating false claims after the election.  The case has been assigned to U.S. District Judge Victor Marrero.

U.S. Attorney Damian Williams said:  “As alleged, Kazemi and Kashian were part of a coordinated conspiracy in which Iranian hackers sought to undermine faith and confidence in the U.S. Presidential elections.  Working with others, Kazemi and Kashian accessed voter information from at least one state’s voter database, threatened U.S. voters via email, and even disseminated a fictitious video that purported to depict actors fabricating overseas ballots.  The United States will never tolerate any foreign actors’ attempts to undermine our free and democratic elections.  As a result of the charges unsealed today, and the concurrent efforts of our U.S. government partners, Kazemi and Kashian will forever look over their shoulders as we strive to bring them to justice.”

Assistant Director of the FBI’s Cyber Division Bryan Vorndran.said:  “The FBI remains committed to countering malicious cyber activity targeting our democratic process. Working rapidly with our private sector and U.S. government partners and ahead of the election, we were able to disrupt and mitigate this malicious activity – and then to enable today’s joint, sequenced operations against the adversary. Today’s announcement shows what we can accomplish as a community and a country when we work together, and the FBI will continue to do its part to keep our democracy safe.”

Assistant Attorney General for National Security Matthew G. Olsen said:  “The Department is committed to using all tools at its disposal, including criminal charges, to expose and disrupt malign foreign influence efforts and bring the responsible actors to justice. The indictment reveals that Iranian actors sought to sow discord by targeting Republicans with messages claiming voter fraud, and Democrats with ‘false flag’ threats from the Proud Boys.  Its detailed allegations provide unadulterated facts that will help further inoculate the U.S. public, regardless of political affiliation, from future tailored and targeted disinformation campaigns.”

According to the allegations contained in the Indictment[1] unsealed today in Manhattan federal court:

The 2020 Election Interference Campaign

Starting in approximately August 2020, and proceeding until November 2020, KAZEMI, KASHIAN, and other co-conspirators began a coordinated, four-stage campaign to undermine faith and confidence in the 2020 Presidential Election (the “Election Interference Campaign”) and otherwise sow discord within U.S. society.  The campaign had four components:

  1. In September and October 2020, members of the conspiracy conducted reconnaissance on, and attempted to compromise, approximately eleven state voter websites, including state voter registration websites and state voter information websites.  Those efforts resulted in the successful exploitation of a misconfigured computer system of a particular U.S. state (“State-1”), and the resulting unauthorized downloading of more than 100,000 State-1 voters’ information.
  2. In October 2020, members of the conspiracy, claiming to be a “group of Proud Boys volunteers,” sent Facebook messages and emails (the “False Election Messages”) to Republican Senators, Republican members of Congress, individuals associated with the Presidential campaign of Donald J. Trump, White House advisors, and members of the media.  The False Election Messages claimed that the Democratic Party was planning to exploit “serious security vulnerabilities” in state voter registration websites to “edit mail-in ballots or even register non-existent voters.”  The False Election Messages were accompanied by a video (the “False Election Video”) which purported, via simulated intrusions and the use of State-1 voter data, to depict an individual affiliated with the Proud Boys hacking into state voter websites and using stolen voter information to create fraudulent absentee ballots through the Federal Voting Assistance Program (“FVAP”) for military and overseas voters.[2] 
  3. Also in October 2020, the conspirators engaged in an online voter intimidation campaign involving the dissemination of a threatening message (the “Voter Threat Emails”), purporting to be from the Proud Boys, to tens of thousands of registered voters, including some voters whose information the conspiracy had obtained from State-1’s website.  The emails were sent to registered Democrats, and threatened the recipients with physical injury if they did not change their party affiliation and vote for President Trump.
  4. On November 4, 2020, the day after the 2020 U.S. Presidential election, the conspirators sought to leverage earlier September and October 2020 intrusions into an American media company’s (“Media Company-1”) computer networks.  Specifically, on that day, the conspirators attempted to use stolen credentials to again access Media Company-1’s network, which would have provided them another vehicle for further disseminating false claims concerning the election through conspirator-modified or created content.  However, because of an earlier FBI victim notification, Media Company-1 had by that time mitigated the conspirators’ unauthorized access and these log-in attempts failed.

 

Background on Kazemi and Kashian

SEYYED MOHAMMAD HOSEIN MUSA KAZEMI and SAJJAD KASHIAN are experienced Iran-based computer hackers that worked as contractors for an Iran-based company called Eeleyanet Gostar, now known as Emennet Pasargad.  Eeleyanet Gostar purported to provide cybersecurity services within Iran.  Among other things, Eeleyanet Gostar is known to have provided services to the Iranian Government, including to the Guardian Council.

As part of his role in the Election Interference Campaign, KAZEMI compromised computer servers that were used to send the Voter Threat Emails, prepared such emails, and compromised the systems of Media Company-1.  KASHIAN’s role was to manage the conspirators’ computer infrastructure used to carry out the Voter Threat Email campaign, and to purchase social media accounts in furtherance of the Election Interference Campaign.

*                *                *

KAZEMI, 24, and KASHIAN, 27, are both charged with one count of conspiracy, which carries a maximum sentence of five years in prison; one count of voter intimidation, which carries a maximum sentence of one year in prison; and one count of transmission of interstate threats, which carries a maximum sentence of five years in prison.  KAZEMI is additionally charged with one count of unauthorized computer intrusion, which carries a maximum sentence of five years in prison; and one count of computer fraud: knowingly damaging a protected computer, which carries a maximum sentence of ten years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendants will be determined by the assigned judge.

Concurrent with the unsealing of the indictment, the Department of the Treasury Office of Foreign Assets Control (“OFAC”) designated Emennet Pasargad, KAZEMI, KASHIAN, and four other Iranian nationals comprising Emennet Pasargad leadership pursuant to Executive Order (E.O.) 13848, “Imposing Certain Sanctions in the Event of Foreign Interference in a United States Election.”  Additionally, the Department of State’s Rewards for Justice Program, is offering a reward of up to $10 million for information on or about the KAZEMI and KASHIAN’s activities.

Mr. Williams praised the outstanding investigative work of the FBI, including the work of the Cleveland FBI Field Office and the FBI Cyber Division.    

The case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorneys Dina McLeod and Louis A. Pellegrino are in charge of the prosecution, with assistance from Trial Attorney Adam Small of the National Security Division’s Counterintelligence and Export Control Section.

The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.        

 

[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

[2]  In actuality, the computer intrusions depicted in the False Election Video were simulated intrusions created by members of the conspiracy using their own server and data obtained during the State-1 exploitation.  Further, the FVAP could not actually be leveraged in the manner implied by the False Election Video.

Contact

Nicholas Biase, James Margolin
(212) 637-2600

Updated November 18, 2021

Topic
Cybercrime
Press Release Number: 21-327